How to Make Your Server Invisible with Knockd

When you have a server that is publicly accessible, hackers can easily scan your IP address and check for open ports (particularly port 22, which is used for SSH) on your server. One way to hide your server from hackers is knockd. Knockd is a port-knock server. It listens to all traffic on an Ethernet or other available interface, waiting for special sequences of port hits. Clients such as telnet or PuTTY initiate port hits by sending a TCP or UDP packet to a port on the server.

In this article we will look at how we can use knockd to hide services running on a Linux server.

Install Knockd on a Linux Server

Knockd is available in most distros' repositories. On a Debian- or Ubuntu-based server, you can use the apt-get command to install knockd.

sudo apt-get install knockd

For Fedora, CentOS, or RHEL users, you can use the yum command:

yum install knockd

Install and Configure Iptables

If you don’t have Iptables installed on your server, install it now.

sudo apt-get install iptables iptables-persistent

The package iptables-persistent automatically loads your saved iptables rules at boot.

Next, you need to allow already established connections as well as current sessions through iptables. Use the following command to achieve this task:

The document has a critical error, so if you follow the configuration in knockd.conf it WILL NOT WORK! The problem is the command in the [OpenSSH] section:

command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

Explanation: the "-A INPUT" option puts the rule at the END of your firewall section, so it will go after the rule you already have in your firewall which REJECTs port 22. You have to change "-A INPUT" to "-I INPUT 1". This will add this rule as rule 1 at the top of the firewall section. Now it is working.

One more thing: you can also use other programs than knock to open the port sequence on your remote server, like nmap, which you can find for Windows too. Here are the commands for Linux:

for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max-retries 0 -p $x server_ip_address; done

Of course, to close the port you type or you can make a script of these commands!
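To see why the comment's fix works, here is an added example, not from the article or its comments, that models netfilter's first-match evaluation of the INPUT chain in Python and runs the knocker's first SSH SYN against a chain built with "-A INPUT" and one built with "-I INPUT 1". The two-rule baseline chain, the knocker address 192.0.2.10 and the Rule/Packet representation are assumptions for the model, not real iptables state.

```python
"""Model of first-match INPUT chain evaluation (constructed, not real iptables).
Shows why knockd's '-A INPUT' ACCEPT lands after the REJECT for port 22 and is
never reached, while '-I INPUT 1' puts it first and opens SSH for the knocker."""
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    target: str                      # ACCEPT or REJECT
    src: Optional[str] = None        # source IP, None = any
    dport: Optional[int] = None      # TCP destination port, None = any
    state: Optional[str] = None      # conntrack state, None = any

@dataclass
class Packet:
    src: str
    dport: int
    state: str                       # "NEW" or "ESTABLISHED"

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.src is None or rule.src == pkt.src)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.state is None or rule.state == pkt.state))

def verdict(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule wins, as in netfilter; otherwise the chain policy."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy

def base_chain() -> List[Rule]:
    # Assumed baseline from the article: keep established sessions, reject new SSH.
    return [Rule("ACCEPT", state="ESTABLISHED"), Rule("REJECT", dport=22)]

def knock_open(chain: List[Rule], knocker_ip: str, insert_at_top: bool) -> List[Rule]:
    """knockd's [openSSH] command: '-I INPUT 1' inserts at position 1, '-A INPUT' appends."""
    accept = Rule("ACCEPT", src=knocker_ip, dport=22)
    if insert_at_top:
        chain.insert(0, accept)
    else:
        chain.append(accept)
    return chain

def ssh_verdict_after_knock(insert_at_top: bool, knocker_ip: str = "192.0.2.10") -> str:
    """Verdict for the knocker's first new SSH SYN after a successful knock."""
    chain = knock_open(base_chain(), knocker_ip, insert_at_top)
    return verdict(chain, Packet(knocker_ip, 22, "NEW"))
```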